Businesses have increased their spending on secure data communications technologies and have undertaken significant work to improve their internal processes to benefit security, according to an annual survey of IT network and systems administrators.
In a report to be published on 23 May, Amplitude Research will detail what it claims to be a "breakthrough" shift among IT administrators, specifically with regards to respondents' perceptions of their companies' willingness to throw money at securing data communications.
Beyond expanding budgets, a significant portion of the 300 IT workers participating in the Amplitude survey indicated that their companies are upgrading to newer remote access technologies and considering upgrades to Microsoft's new Windows Vista operating system to take advantage of expanded security features.
According to the report, which is in its fourth year, IT budgets have taken a dramatic turn since early 2006 with roughly 63 percent of the administrators who responded to the survey indicating that they are satisfied with the amount of money their companies are spending on information security in 2007.
In last year's report, only 49 percent of respondents said they were comfortable with their employers' current level of security investments.
Overall, improving security for remote access remained one of the top areas of concern for administrators responding to the survey with 47 percent ranking the issue among their leading three priorities for 2007.
Patching systems with software bulletins (42 percent) and keeping virus definitions up to date (45 percent) ranked as other leading causes for concern, along with monitoring for intrusions (40 percent).
The area of work that has experienced the greatest increase in activity and budgeting over the past year is in improving security of file transfers, with some 31 percent of those surveyed rating the area as a top concern, compared to only 13 percent of respondents in 2006, the research company said.
Amplitude found that 68 percent of the 300 administrators who answered its survey said that they currently use a secure method for file transfer when sending sensitive data internally between remote offices, up from 52 percent in 2006.
Roughly 75 percent of those surveyed said that they now use a secure method for exchanging sensitive data with outside parties, including vendors, customers, and suppliers.
Among those using secure file transfers either internally or externally, a vast majority, 73 percent, said that their companies have policies in place to dictate what types of information must be safeguarded, up from 60 percent in 2006.
Some 67 percent of the companies already using secure file transfer systems said they are also planning to upgrade the technologies that they currently use to that end within the next year.
"This increase in secure file transfers, and the knowledge that organisations are arming their IT and network administrators with better budgets are very positive signs," said Steve Birnkrant, chief executive of Amplitude. "It's interesting that we've been covering this for four years, and it's finally happening now, but sometimes things don't move as quickly as you might hope, and this may be a sign that a lot of planning and discussion is finally translating into real-world budgets and projects."
Another area for optimism in security can be found in company efforts to improve remote access tools, according to the report. One of the primary areas of improvement in remote access highlighted in the report is increasing popularity of SSH technologies to move data over remote connections, versus more traditional Telnet systems.
When Amplitude first began conducting the survey in 2004, only 43 percent of respondents said they had moved to SSH with the proportion of users growing steadily over the years to reach 66 percent in 2007. Over the same time period, use of Telnet remained somewhat steady until 2006, when usage declined substantially from 54 percent in 2006 to only 38 percent in 2007.
SSH is considered superior to Telnet systems by many experts based on its increased level of data encryption.
In addition, some 50 percent of those individuals who said they have moved to SSH in 2007 said that it was likely that their companies would upgrade or replace their technologies sometime in the next year, compared to only 36 percent in 2006.
"We see this as a significant improvement as for many years, the use of SSH has increased, but we still saw so many people using Telnet, and we were wondering when this would shift," said Amplitude's Birnkrant. "People are finally waking up to all the vulnerabilities that affect Telnet, and this will greatly improve security for exchanging sensitive data over remote connections."
In another interesting twist, Amplitude found that many of the organizations it surveyed appear to be considering upgrades to Microsoft's Windows Vista OS in the name of benefiting from the product's security features.
Many security industry watchers have questioned whether the addition of onboard antimalware, encryption and UAC (user account control) tools would encourage business customers to move to Vista.
According to the report, of the 217 respondents who said they are either testing or installing Vista during 2007, some 53 percent listed security enhancements as a primary driver of those projects with an additional 14 percent citing UAC - meant to limit the administrative permissions of individual machines to ward off malware attacks - as a major incentive.
Some 22 percent of respondents told Amplitude they were upgrading to Vista to take advantage of overall "improved functionality" in the desktop software.
"Clearly, it is the security enhancements that many customers are looking at when considering a move to Vista," Birnkrant said. "There has been a good deal of debate but obviously some organizations are seeing security as a strong selling point for the product."